Merge branch 'B-21977' into B-21983

transcom · Feb 13, 2025 · f77a5b6 · f77a5b6
2 parents f473e51 + 637c795
commit f77a5b6
Show file tree

Hide file tree

Showing 173 changed files with 7,323 additions and 2,714 deletions.
diff --git a/.envrc b/.envrc
@@ -415,7 +415,7 @@ if [ ! -r .nix-disable  ] && has nix-env; then
 
   # add the NIX_PROFILE bin path so that everything we just installed
   # is available on the path
-  PATH_add ${NIX_PROFILE}/bin
+  PATH_add "${NIX_PROFILE}"/bin
   # Add the node binaries to our path
   PATH_add ./node_modules/.bin
   # nix is immutable, so we need to specify a path for local changes, e.g.

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -8,6 +8,7 @@
 variables:
   #Docker config
   DOCKER_AUTH_CONFIG: "{\"auths\":{\"https://index.docker.io/v1/\":{\"auth\":\"$CI_REGISTRY_USER:$CI_REGISTRY_PASSWORD\"}}}"
+  #hard code sha as newer version of debian is needed for pre-test
   DOCKER_APP_IMAGE: milmove01/transcom-docker:milmove-app
   DOCKER_BASE_IMAGE: milmove01/transcom-docker:base
   DOCKERHUB_USERNAME: DOCKERHUB_USERNAME
@@ -24,7 +25,7 @@ variables:
   #CIRCLE_TOKEN: "$GITLAB_API_TOKEN"       # GitLab API token for querying pipelines
   CIRCLE_BUILD_NUM: "$CI_PIPELINE_ID"
 
-  GOPATH: "$CI_PROJECT_DIR/go"
+  GOPATH: "/home/transcom/go"  #Go path on the app image
   GOLANGCI_LINT_CONCURRENCY: "4"
   GOLANGCI_LINT_VERBOSE: "-v"
 
@@ -63,7 +64,7 @@ stages:
 #set safe directory and path
 .setup_milmove_env: &setup_milmove_env
     - git config --global --add safe.directory /builds/milmove/mymove
-    - export PATH=${PATH}:${GOPATH}/bin:~/transcom/mymove/builds/milmove/mymove:/builds/milmove/mymove/scripts
+    - export PATH=${PATH}:${GOPATH}/bin:~/transcom/mymove/builds/milmove/mymove:/builds/milmove/mymove/scripts:/builds/milmove/mymove/bin
     - export REACT_APP_ERROR_LOGGING=otel
 
 .announce_failure: &announce_failure
@@ -254,6 +255,7 @@ stages:
       export OKTA_API_KEY=notrealapikey8675309
       export OKTA_OFFICE_GROUP_ID=notrealgroupId
       export OKTA_CUSTOMER_GROUP_ID=notrealcustomergroupId
+      export IWS_RBS_HOST=pkict.dmdc.osd.mil
 
 .setup_env_intergration_mtls: &setup_env_intergration_mtls
   - |
@@ -389,6 +391,89 @@ pre_deps_golang:
   #     - $GOPATH/pkg/mod
   #     - /builds/milmove/mymove/bin  # Ensure this path is correct and writable.
   # Optionally, you can define an after_script for cleanup or notifications.
+golang_lint:
+  stage: pre_checks
+  interruptible: true
+  tags:
+    - $DOCKER_RUNNER_TAG
+  image: golangci/golangci-lint:latest # Refer to https://hub.docker.com/r/golangci/golangci-lint
+  script:
+    - golangci-lint run --print-issued-lines=false --timeout=25m --out-format code-climate:gl-code-quality-report.json,line-number
+  artifacts:
+      reports:
+        codequality: gl-code-quality-report.json
+      paths:
+        - gl-code-quality-report.json
+      when: always
+  allow_failure: true
+
+# WIP but failing and will need to get back to see if this is a viable option for go test coverage
+# golang_coverage:
+#   stage: pre_checks
+#   interruptible: true
+#   tags:
+#     - $DOCKER_RUNNER_TAG
+#   image: $DOCKER_APP_IMAGE
+#   services:
+#     - name: docker:dind
+#       alias: docker
+#     - name: $postgres
+#     - name: $redis
+#   before_script:
+#     - *setup_milmove_env
+#   variables:
+#     KUBERNETES_CPU_REQUEST: "4"
+#     KUBERNETES_MEMORY_REQUEST: "8Gi"
+#     KUBERNETES_MEMORY_LIMIT: "8Gi"
+#     DOCKER_HOST: "tcp://docker-backend.gitlab-runner.svc.cluster.local:2375"
+#     DOCKER_TLS_CERTDIR: ""
+#     APPLICATION: app
+#     # 8 since this runs on xlarge with 8 CPUs
+#     GOTEST_PARALLEL: 8
+#     DB_PASSWORD: mysecretpassword
+#     DB_USER_LOW_PRIV: crud
+#     DB_PASSWORD_LOW_PRIV: mysecretpassword
+#     DB_USER: postgres
+#     DB_HOST: localhost
+#     DB_PORT_TEST: 5432
+#     DB_PORT: 5432
+#     DB_NAME: test_db
+#     DB_NAME_TEST: test_db
+#     DTOD_USE_MOCK: 'true'
+#     MIGRATION_MANIFEST: '/builds/milmove/mymove/migrations/app/migrations_manifest.txt'
+#     MIGRATION_PATH: 'file:///builds/milmove/mymove/migrations/app/schema;file:///builds/milmove/mymove/migrations/app/secure'
+#     EIA_KEY: db2522a43820268a41a802a16ae9fd26 # dummy key generated with openssl rand -hex 16
+#     ENV: test
+#     ENVIRONMENT: test
+#     SERVER_REPORT: 1
+#     COVERAGE: 1
+#     SERVE_API_INTERNAL: 'true'
+#     OKTA_CUSTOMER_CLIENT_ID: 1q2w3e4r5t6y7u8i9o
+#     OKTA_ADMIN_CLIENT_ID: AQ1SW2DE3FR4G5
+#     OKTA_OFFICE_CLIENT_ID: 9f9f9s8s90gig9
+#     OKTA_API_KEY: notrealapikey8675309
+#     OKTA_OFFICE_GROUP_ID: notrealgroupId
+#     OKTA_CUSTOMER_GROUP_ID: notrealcustomergroupId
+#     POSTGRES_DB: test_db #for postgres container
+#     POSTGRES_USER: postgres
+#     POSTGRES_PASSWORD: mysecretpassword
+#     POSTGRES_HOST_AUTH_METHOD: trust
+#     DPS_AUTH_SECRET_KEY: placeholder
+#     CSRF_AUTH_KEY: d096fd8529eefaa46497849d11d2ff2e979ddfaed1aff058524ada9bceadd67c
+#     IWS_RBS_ENABLED: 0
+#     IWS_RBS_HOST: "pkict.dmdc.osd.mil"
+#   script:
+#     - go test ./... -coverprofile=coverage.txt -covermode count
+#     - go get github.com/boumenot/gocover-cobertura
+#     - go run github.com/boumenot/gocover-cobertura < coverage.txt > coverage.xml
+#   allow_failure: true
+#   after_script:
+#     - *announce_failure
+#   artifacts:
+#     reports:
+#       coverage_report:
+#         coverage_format: cobertura
+#         path: /builds/milmove/mymove/coverage.xml
 
 pre_deps_yarn:
   stage: pre_checks
@@ -639,36 +724,36 @@ pre_test:
       [ -d ~/transcom/mymove/spectral ] && cp -r ~/transcom/mymove/spectral /tmp/spectral_baseline || echo "Skipping saving baseline"
     - rm -rf ~/transcom/mymove/spectral
     - *install_yarn
+    # this is so we can avoid go mod downloading and resulting in an error on a false positive
+    - ./scripts/pre-commit-go-mod || exit 0
     - echo "Run pre-commit tests without golangci-lint, eslint, or prettier"
-    - SKIP=golangci-lint,eslint,prettier,ato-go-linter,gomod,appcontext-linter pre-commit run --all-files
-    - |
-        echo "Run pre-commit tests with ato-go-linter only"
-        pre-commit run -v --all-files ato-go-linter
-    - |
-        echo "Run pre-commit tests with gomod only"
-        pre-commit run -v --all-files gomod,appcontext-linter
-    - |
-        echo "Run pre-commit tests with appcontext-linter only"
-        pre-commit run -v --all-files appcontext-linter
+    - SKIP=golangci-lint,eslint,prettier pre-commit run --all-files
     - echo "Run pre-commit tests with golangci-lint only"
     - |
-        echo 'export GOLANGCI_LINT_CONCURRENCY=4' >> $BASH_ENV
-        echo 'export GOLANGCI_LINT_VERBOSE=-v' >> $BASH_ENV
-        source $BASH_ENV
+        export GOLANGCI_LINT_CONCURRENCY=4
+        export GOLANGCI_LINT_VERBOSE=-v
         mkdir -p tmp/test-results/pretest
-        pre-commit run -v --all-files golangci-lint | tee tmp/test-results/pretest/golangci-lint.out
-    -  echo "Run prettier, eslint, danger checks"
+    # can this be removed in favor of golang_lint?
+    - pre-commit run -v --all-files golangci-lint | tee tmp/test-results/pretest/golangci-lint.out
+    - echo "Run prettier, eslint, danger checks"
     - yarn prettier-ci
     - yarn lint
     - yarn danger ci --failOnErrors
-    -  echo "Run spectral linter on all files"
+    - echo "Run spectral linter on all files"
     - ./scripts/ensure-spectral-lint /tmp/spectral_baseline spectral
-    - ./scripts/pre-commit-go-mod || exit 0
   allow_failure: true
   after_script:
     - *announce_failure
-  rules:
-   - *check_server_ignore_branch
+  artifacts:
+      reports:
+        codequality: tmp/test-results/pretest/golangci-lint.out
+      paths:
+        - tmp/test-results/pretest/golangci-lint.out #remove if golang_lint works
+        - tmp/spectral_baseline/*.json #what do we need to store for review?
+        - spectral/*.json #what do we need to store for review?
+      when: always
+  # rules:
+  #  - *check_server_ignore_branch
 
 server_test:
   stage: test
@@ -698,7 +783,7 @@ server_test:
     DB_PASSWORD_LOW_PRIV: mysecretpassword
     DB_USER: postgres
     DB_HOST: localhost
-    DB_PORT_TEST: 5433
+    DB_PORT_TEST: 5432
     DB_PORT: 5432
     DB_NAME: test_db
     DB_NAME_TEST: test_db
@@ -717,18 +802,22 @@ server_test:
     OKTA_API_KEY: notrealapikey8675309
     OKTA_OFFICE_GROUP_ID: notrealgroupId
     OKTA_CUSTOMER_GROUP_ID: notrealcustomergroupId
+    POSTGRES_DB: test_db #for postgres container
+    POSTGRES_USER: postgres
+    POSTGRES_PASSWORD: mysecretpassword
+    POSTGRES_HOST_AUTH_METHOD: trust
+    DPS_AUTH_SECRET_KEY: placeholder
+    CSRF_AUTH_KEY: d096fd8529eefaa46497849d11d2ff2e979ddfaed1aff058524ada9bceadd67c
+    IWS_RBS_ENABLED: 0
+    IWS_RBS_HOST: "pkict.dmdc.osd.mil"
   script:
-    - psql --version
     - for i in $(seq 1 5); do go mod download && break || s=$? && sleep 5; done; (exit $s)
     - scripts/check-generated-code go.sum
     - make bin/swagger
-    - echo "server test -- TODO Add steps need to potentially pass job id to file and persist"
+    - echo "server test -- build gotestsum and run scripts for report"
     - make -j 2 bin/milmove bin/gotestsum
     - make server_test for app
-    # - go install gotest.tools/gotestsum@latest
-    # - go mod tidy
-    #- bin/gotestsum --junitfile server_test_report.xml --format server_test
-  allow_failure: true
+  allow_failure: true #leaving true until 5 tests failing tests are working
   artifacts:
     paths:
       - /builds/milmove/mymove/bin/gotestsum
@@ -738,8 +827,9 @@ server_test:
       junit: /builds/milmove/mymove/tmp/test-results/gotest/app/go-test-report.xml
   after_script:
     - *announce_failure
-  rules:
-   - *check_server_ignore_branch
+  # we want to make this run on every branch bc webhooks don't exist currently
+  # rules:
+  #  - *check_server_ignore_branch
 
 server_test_coverage:
   stage: test
@@ -806,8 +896,9 @@ client_test:
       - /builds/milmove/mymove/jest-junit-reports
   after_script:
     - *announce_failure
-  rules:
-   - *check_client_ignore_branch
+  # we want to make this run on every branch bc webhooks don't exist currently
+  # rules:
+  #  - *check_client_ignore_branch
 
 client_test_coverage:
   stage: test

diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:stable AS build-env
+FROM harbor.csde.caci.com/docker.io/debian:stable AS build-env
 
 COPY config/tls/dod-wcf-root-ca-1.pem /usr/local/share/ca-certificates/dod-wcf-root-ca-1.pem.crt
 COPY config/tls/dod-wcf-intermediate-ca-1.pem /usr/local/share/ca-certificates/dod-wcf-intermediate-ca-1.pem.crt
@@ -8,7 +8,7 @@ RUN apt-get install -y ca-certificates --no-install-recommends
 RUN update-ca-certificates
 
 # hadolint ignore=DL3007
-FROM gcr.io/distroless/base-debian11@sha256:ac69aa622ea5dcbca0803ca877d47d069f51bd4282d5c96977e0390d7d256455
+FROM gcr.io/distroless/base-debian12@sha256:74ddbf52d93fafbdd21b399271b0b4aac1babf8fa98cab59e5692e01169a1348
 COPY --from=build-env /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 
 COPY bin/rds-ca-rsa4096-g1.pem /bin/rds-ca-rsa4096-g1.pem

diff --git a/Dockerfile.dp3 b/Dockerfile.dp3
@@ -1,7 +1,7 @@
-FROM debian:stable AS build-env
+FROM harbor.csde.caci.com/docker.io/debian:stable AS build-env
 
 # hadolint ignore=DL3007
-FROM gcr.io/distroless/base-debian11@sha256:ac69aa622ea5dcbca0803ca877d47d069f51bd4282d5c96977e0390d7d256455
+FROM gcr.io/distroless/base-debian12@sha256:74ddbf52d93fafbdd21b399271b0b4aac1babf8fa98cab59e5692e01169a1348
 
 #AWS GovCloud RDS cert
 COPY bin/rds-ca-rsa4096-g1.pem /bin/rds-ca-rsa4096-g1.pem
@@ -32,4 +32,4 @@ ENTRYPOINT ["/bin/milmove"]
 
 CMD ["serve", "--logging-level=debug"]
 
-EXPOSE 8080
+EXPOSE 8080
diff --git a/Dockerfile.local b/Dockerfile.local
@@ -20,7 +20,7 @@ RUN rm -f bin/milmove && make bin/milmove
 #########
 
 # hadolint ignore=DL3007
-FROM gcr.io/distroless/base-debian11@sha256:ac69aa622ea5dcbca0803ca877d47d069f51bd4282d5c96977e0390d7d256455
+FROM gcr.io/distroless/base-debian12@sha256:74ddbf52d93fafbdd21b399271b0b4aac1babf8fa98cab59e5692e01169a1348
 
 COPY --from=builder --chown=root:root /home/circleci/project/bin/rds-ca-rsa4096-g1.pem /bin/rds-ca-rsa4096-g1.pem
 COPY --from=builder --chown=root:root /home/circleci/project/bin/rds-ca-2019-root.pem /bin/rds-ca-2019-root.pem

diff --git a/Dockerfile.migrations b/Dockerfile.migrations
@@ -1,4 +1,4 @@
-FROM debian:stable AS build-env
+FROM harbor.csde.caci.com/docker.io/debian:stable AS build-env
 
 COPY config/tls/dod-wcf-root-ca-1.pem /usr/local/share/ca-certificates/dod-wcf-root-ca-1.pem.crt
 COPY config/tls/dod-wcf-intermediate-ca-1.pem /usr/local/share/ca-certificates/dod-wcf-intermediate-ca-1.pem.crt
@@ -9,7 +9,7 @@ RUN update-ca-certificates
 
 
 # hadolint ignore=DL3007
-FROM gcr.io/distroless/base-debian11@sha256:ac69aa622ea5dcbca0803ca877d47d069f51bd4282d5c96977e0390d7d256455
+FROM gcr.io/distroless/base-debian12@sha256:74ddbf52d93fafbdd21b399271b0b4aac1babf8fa98cab59e5692e01169a1348
 
 COPY config/tls/dod-wcf-root-ca-1.pem /usr/local/share/ca-certificates/dod-wcf-root-ca-1.pem.crt
 COPY config/tls/dod-wcf-intermediate-ca-1.pem /usr/local/share/ca-certificates/dod-wcf-intermediate-ca-1.pem.crt

diff --git a/Dockerfile.reviewapp b/Dockerfile.reviewapp
@@ -108,7 +108,7 @@ RUN set -x \
 #########
 
 # hadolint ignore=DL3007
-FROM gcr.io/distroless/base-debian11@sha256:ac69aa622ea5dcbca0803ca877d47d069f51bd4282d5c96977e0390d7d256455 as milmove
+FROM gcr.io/distroless/base-debian12@sha256:74ddbf52d93fafbdd21b399271b0b4aac1babf8fa98cab59e5692e01169a1348 as milmove
 
 COPY --from=server_builder /build/bin/rds-ca-2019-root.pem /bin/rds-ca-2019-root.pem
 COPY --from=server_builder /build/bin/milmove /bin/milmove

diff --git a/Dockerfile.tasks b/Dockerfile.tasks
@@ -1,4 +1,4 @@
-FROM debian:stable AS build-env
+FROM harbor.csde.caci.com/docker.io/debian:stable AS build-env
 
 COPY config/tls/dod-wcf-root-ca-1.pem /usr/local/share/ca-certificates/dod-wcf-root-ca-1.pem.crt
 COPY config/tls/dod-wcf-intermediate-ca-1.pem /usr/local/share/ca-certificates/dod-wcf-intermediate-ca-1.pem.crt
@@ -8,7 +8,7 @@ RUN apt-get install -y ca-certificates --no-install-recommends
 RUN update-ca-certificates
 
 # hadolint ignore=DL3007
-FROM gcr.io/distroless/base-debian11@sha256:ac69aa622ea5dcbca0803ca877d47d069f51bd4282d5c96977e0390d7d256455
+FROM gcr.io/distroless/base-debian12@sha256:74ddbf52d93fafbdd21b399271b0b4aac1babf8fa98cab59e5692e01169a1348
 COPY --from=build-env /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 
 COPY config/tls/milmove-cert-bundle.p7b /config/tls/milmove-cert-bundle.p7b

diff --git a/Dockerfile.tasks_dp3 b/Dockerfile.tasks_dp3
@@ -1,5 +1,5 @@
 # hadolint ignore=DL3007
-FROM gcr.io/distroless/base-debian11@sha256:ac69aa622ea5dcbca0803ca877d47d069f51bd4282d5c96977e0390d7d256455
+FROM gcr.io/distroless/base-debian12@sha256:74ddbf52d93fafbdd21b399271b0b4aac1babf8fa98cab59e5692e01169a1348
 
 # Demo Environment Certs
 COPY config/tls/api.demo.dp3.us.chain.der.p7b /config/tls/api.demo.dp3.us.chain.der.p7b

diff --git a/Dockerfile.tasks_local b/Dockerfile.tasks_local
@@ -19,7 +19,7 @@ RUN rm -f bin/milmove-tasks && make bin/milmove-tasks
 #########
 
 # hadolint ignore=DL3007
-FROM gcr.io/distroless/base-debian11@sha256:ac69aa622ea5dcbca0803ca877d47d069f51bd4282d5c96977e0390d7d256455
+FROM gcr.io/distroless/base-debian12@sha256:74ddbf52d93fafbdd21b399271b0b4aac1babf8fa98cab59e5692e01169a1348
 
 COPY --from=builder --chown=root:root /home/circleci/project/config/tls/milmove-cert-bundle.p7b /config/tls/milmove-cert-bundle.p7b
 COPY --from=builder --chown=root:root /home/circleci/project/bin/rds-ca-2019-root.pem /bin/rds-ca-2019-root.pem